#1 2014-10-14 16:06:42

smirky
Member
From: Bulgaria
Registered: 2013-02-23
Posts: 277

Postfix (Virtual users) + Dovecot + Submission [TLS] - auth problem

I'm trying to get the configuration working, but authentication seems to be a big problem. After following the wiki here:
https://wiki.archlinux.org/index.php/Vi … ail_system
I managed to get it all done step by step. Here's what I did:

1. Made the users as described in the wiki.
2. Made the database as described in the wiki with another password of course.
3. Manually created the tables with the new user.
4. Added my domain and a test user.

INSERT INTO `domains` VALUES ('mydomain.net');
INSERT INTO `users` VALUES ('testuser@mydomain.net', encrypt('*******'), <the_quota>, 'mydomain.net');

The part where you have to set up the postfix_db without PostfixAdmin wasn't described. I managed to edit the one that was provided but for PostfixAdmin and here's how it looks:
5. I already have certificates.
6. Created main.cf and master.cf:

## main.cf
myhostname = mail.mydomain.net
mydomain = mydomain.net
myorigin = $mydomain
mydestination = localhost # The wiki says I need to leave this localhost?
mynetworks_style = host

relay_domains = *
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_recipient_restrictions = permit_mynetworks,
			     permit_sasl_authenticated,
			     reject_unauth_destination
			     check_policy_service unix:private/policy-spf
smtpd_relay_restrictions = permit_mynetworks,
			 permit_sasl_authenticated,
			 reject_unauth_destination
			 check_policy_service unix:private/policy-spf

smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl_stuff/ssl.key
smtpd_tls_cert_file = /etc/postfix/ssl_stuff/ssl.crt
smtpd_tls_CAfile = /etc/postfix/ssl_stuff/sub.class1.server.ca.pem
smtp_tls_CAfile = $smtpd_tls_CAfile
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1

policy-spf_time_limit = 3600s

smtpd_tls_session_cache_timeout = 3600s

queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/bin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix/sample
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4

## master.cf
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_auth_enable=yes

pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
policy-spf	unix	-	n	n	-	-	spawn
	user=nobody argv=/usr/bin/policyd-spf

Created virtual_alias_maps.cf, virtual_mailbox_domains.cf, virtual_mailbox_maps.cf as described without PostfixAdmin and with the proper user and password.
7. Created a new dovecot.conf with the configuration given in the wiki except the *.key and *.crt paths.
8. Created dovecot-sql.conf with my own configurations because the one provided is for the PostfixAdmin example:

driver = mysql
connect = host=localhost dbname=postfix_db user=postfix_user password=********

default_pass_scheme = MD5-CRYPT

user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=',  quota) AS quota FROM users WHERE email = '%u'

password_query = SELECT email as user, password, '/home/vmail/%d/%u' as userdb_home, 'maildir:/home/vmail/%d/%u' as userdb_mail, 5000 as  userdb_uid, 5000 as userdb_gid FROM users WHERE email = '%u'

That's the whole configuration!

Here's what I get from the logs when I try to connect through Thunderbird or something else (e.g. Roundcube):

Oct 14 19:03:33 archy dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=87.97.204.255, lip=192.168.1.100, TLS, session=<mmNBKGQFvQBXYcz/>
Oct 14 19:03:33 archy postfix/submission/smtpd[10928]: connect from unknown[87.97.204.255]
Oct 14 19:03:33 archy postfix/submission/smtpd[10928]: improper command pipelining after EHLO from unknown[87.97.204.255]: QUIT\r\n
Oct 14 19:03:33 archy postfix/submission/smtpd[10928]: disconnect from unknown[87.97.204.255]
Oct 14 19:03:44 archy dovecot: imap-login: Disconnected (auth failed, 2 attempts in 8 secs): user=<test>, method=PLAIN, rip=87.97.204.255, lip=192.168.1.100, TLS, session=<kb1xKGQFwABXYcz/>
Oct 14 19:04:00 archy dovecot: imap-login: Disconnected (auth failed, 2 attempts in 16 secs): user=<test@smirky.net>, method=PLAIN, rip=87.97.204.255, lip=192.168.1.100, TLS, session=<5nPlKGQFwgBXYcz/>

Any thoughts about what could be wrong with this configuration are more than welcome. Thanks!

Last edited by smirky (2014-10-14 20:37:43)


Personal spot  ::  https://www.smirky.net/  ::  Try not to get lost!
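
A consistency check for the setup in steps 4 and 8, added here as an example and not part of the original post: it compares the format of each stored password value with the scheme Dovecot will use to verify it (default_pass_scheme, or a {SCHEME} prefix on the value). MySQL's ENCRYPT() calls the system crypt() and, with no salt argument, typically returns a 13-character traditional DES string rather than a $1$ MD5-crypt one. The rows and hash strings below are constructed, and the function names are this example's own.

```python
import re

B64 = r"[./0-9A-Za-z]"
# Shape of a crypt(3)-style hash -> Dovecot scheme name that verifies it.
SHAPES = [
    ("MD5-CRYPT", re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$")),
    ("SHA256-CRYPT", re.compile(rf"^\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}$")),
    ("SHA512-CRYPT", re.compile(rf"^\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}$")),
    ("DES-CRYPT", re.compile(rf"^{B64}{{13}}$")),
]

def default_scheme(conf_text):
    """Return default_pass_scheme from dovecot-sql.conf text (None if unset)."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "default_pass_scheme":
            return value.strip().upper()
    return None

def hash_shape(value):
    """Name the scheme whose output format the stored hash matches."""
    for name, pattern in SHAPES:
        if pattern.match(value):
            return name
    return "UNKNOWN"

def audit(conf_text, rows):
    """Return (user, effective_scheme, shape, consistent) per (user, stored) row."""
    fallback = default_scheme(conf_text)
    report = []
    for user, stored in rows:
        # A leading {SCHEME} in the column overrides default_pass_scheme.
        m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", stored)
        scheme, body = (m.group(1).upper(), m.group(2)) if m else (fallback, stored)
        shape = hash_shape(body)
        # Generic CRYPT hands the string to libc crypt(), so any known shape fits.
        ok = shape == scheme or (scheme == "CRYPT" and shape != "UNKNOWN")
        report.append((user, scheme, shape, ok))
    return report

# Constructed sample input: the page's scheme setting and made-up hash strings.
CONF = "driver = mysql\ndefault_pass_scheme = MD5-CRYPT\n"
ROWS = [
    ("alice@example.test", "abJnggxhB/yWI"),
    ("bob@example.test", "$1$Xy3kLm9Q$0123456789abcdefghijkl"),
    ("carol@example.test", "{SHA512-CRYPT}$6$constructedsalt$" + "A" * 86),
]

if __name__ == "__main__":
    for user, scheme, shape, ok in audit(CONF, ROWS):
        print(f"{user}: verified as {scheme}, looks like {shape}: {'ok' if ok else 'MISMATCH'}")
```

A MISMATCH row means the stored value cannot verify under the scheme in effect, whatever password the client sends.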
